OK, I’m blind. The first option does report data, albeit truncated so I missed 
it. The second dumps it as a list which in my test case was too big for even me 
to miss. :)


--
There are 10 kinds of people in the world...
         those who understand binary and those who don't.

From: listsad...@lists.myitforum.com On Behalf Of Melvin Backus
Sent: Tuesday, April 25, 2017 7:46 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Get group membership through powershell

I’ve never had a problem with net user /domain or net group /domain although the 
output format isn’t particularly handy if you’re trying to manipulate the 
results.

That said, are you sure you’re using the correct syntax?

This will return the user info with no membership info
Get-ADUser -Identity testuser -Properties memberOf

But this will return the membership info as expected.
$info = Get-ADUser -Identity testuser -Properties memberOf
$info.memberOf


--
There are 10 kinds of people in the world...
         those who understand binary and those who don't.

From: listsad...@lists.myitforum.com On Behalf Of Russ
Sent: Tuesday, April 25, 2017 1:55 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Get group membership through powershell

OK - is there a way that you know of to use a command line tool to pull that 
information accurately?  It seems like if a cmdlet is inaccurate, it is pretty 
useless.

On Mon, Apr 24, 2017 at 3:02 PM, Brian Desmond <br...@briandesmond.com> wrote:
MemberOf is a constructed attribute which the cmdlets may not be requesting 
correctly or at all. ADUC makes specific calls to AD to get that data.

Thanks,
Brian Desmond

w – 312.625.1438 | c – 312.731.3132

From: listsad...@lists.myitforum.com On Behalf Of Russ
Sent: Monday, April 24, 2017 4:32 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Get group membership through powershell

I've often used powershell to get the groups that a user is a member of by 
using get-adprincipalgroupmembership.  It's always worked to my knowledge.

However, I've found one group which doesn't show up for anyone - so I was 
curious if anyone has run into this before.  If I run get-adgroupmember for the 
group, everyone shows up who should be there, but if I try to run the reverse 
on any of the users who are a member of the group, it doesn't show up - it just 
returns "domain users".

If I try get-aduser with -properties "memberof", nothing shows up for that 
property at all.  (not even domain users, but I think that's normal?).

If you go into ADUC and look up the user, the two groups (this one, and domain 
users) show up just fine.

Does anyone know of a circumstance why this wouldn't return a value?
